The Problem With Third-Party Due Diligence Questionnaires

COMPLIANCE PROGRAMS

By Hui Chen

Hui Chen (www.HuiChenEthics.com) was the Justice Department’s first-ever compliance counsel expert before leaving
in June to start her own private compliance consulting service. Before she joined
the DOJ, Hui served in global senior compliance lead positions at Microsoft, Pfizer,
and Standard Chartered Bank.

Third-party due diligence is a constant topic in corporate compliance. Judging from
the number of vendors in the space, one surmises there is significant spending to
sustain them all. Virtually all of the systems I have seen begin with a request to
the third party to provide information about itself in a questionnaire. Just how reliable
is this foundational data?

Not only do I have opportunities to review due diligence questionnaires on many occasions,
but I now also have the pleasure of having to complete them myself as a consultant.
Below are some common pitfalls I have observed.

Who is completing the form?

Typically, the person who is completing the questionnaire is a low-level employee
with no organizational overview and little access to information. Most due diligence
processes I have seen, however, do not appear to recognize this reality. In asking
a question such as “Have you received training on export controls?”, who exactly is
“you”? If “you” is the organization, you are counting on the clerk answering the question
to collect and provide information on all export control training that’s been done
across the organization. How confident are you that this would be done?

Unclear or overly broad scope.

“Have you ever provided hospitality to any Government Officials?” Does having your
army buddy over for drinks count? “Do you take cash payments?” Surely, somewhere at
some time the organization does. And there are the eight questions rolled into one:
“Are you, or are any of your immediate family members, in a business or personal relationship
with a current or former Government Official?” There are three sets of variables:
you and your family members, business and personal relationships, current and former
Government Officials. How much are you counting on the clerk answering the question
to be able to inquire and document each line of relationship?

Unanswerable questions.

“Have you potentially or actually violated any laws relating to [several different
areas of law]?” Even in a company with the most vigilant compliance program, it is
impossible to know all potential or actual violations of all kinds of laws. Even when
it is aware, it is hardly in a position to disclose that knowledge in this setting.
Thus the only truthful answers to this question would be “don’t know” and “can’t tell.”
What exactly is accomplished by asking this?

Obviously cover-your-ass questions.

Questions such as “Do you comply with all applicable laws?” or “Do you [launder money]/[provide
payments for benefit]?” are clearly asked to prompt the “right” answer. People have
told me these are “CYA” questions. The problem is, when everyone knows it is a CYA
query, it loses credibility to provide the coverage you desire.

Duplicative processes.

A symptom of compliance due diligence not being integrated into the business processes
is that duplicative questions are asked on multiple platforms. Due diligence questionnaires
usually begin with basic questions such as the nature of the service, contact person,
business type, etc. Often, the company already has the answers to these from the contract
and other procurement or partner processes that precede onboarding. These separate
processes create room to game the system: what’s in the questionnaire doesn’t have
to be what’s in the contract. It then creates the need for additional audit and monitoring
to ensure consistency across systems. Multiple platforms are costly because they create
inefficiency and vulnerability.

What will you do with the answers?

Questions need to be asked with a purpose in mind: this means knowing what to do with
the answers you might get. Efficiency demands that you ask questions to which you
really need the answer, and accountability requires that you have ways to verify the
answer. Questions that generate information you don’t need, or answers you have no
way of verifying, waste everyone’s time and erode your credibility.

Missing a brain.

I have found the lack of common sense and logic to be the underlying theme of many
due diligence questionnaires. Things that can easily be explained in one sentence
are now broken into unrelated entries of drop-down boxes that do not offer sensible
answers. No one seems to be asking common sense questions and, more importantly, putting
the pieces together in a logical way. The technology and the platforms are tools:
they need a brain to make them useful.
